General
-
Target
6a9aaa3fc23d1561df97e3f9eb2de110_NeikiAnalytics
-
Size
2.9MB
-
Sample
240516-bbw14sdb58
-
MD5
6a9aaa3fc23d1561df97e3f9eb2de110
-
SHA1
d0effad0bad292fb0bcb377cbafacd8db83a474e
-
SHA256
9ff431f5f1b0f09adff076f71cdfbe91566f3b00f5ea57fc9e4c02aef199a565
-
SHA512
7350bce60b1a9ffb8ce8c8f98e17ebef7931db0f8a77af7d4dfef0ac02065169ec51734e0602a2be5790e77be9703ea560f3caf640dbaee85fc30e4630912c4c
-
SSDEEP
49152:P4DKm+cjWnC8WLqxdGWJMcWI2TJT1Q0UN2Trsljq:gDKmzjWnC8Wikx1DUN2/Uq
Behavioral task
behavioral1
Sample
6a9aaa3fc23d1561df97e3f9eb2de110_NeikiAnalytics.exe
Resource
win7-20240419-en
Malware Config
Targets
-
-
Target
6a9aaa3fc23d1561df97e3f9eb2de110_NeikiAnalytics
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1